Recently we had a situation in New Zealand where a large telco announced Huawei would provide their 5G kit for the entire network, then days later had to retract because the national intelligence agency barred the deal [0].

After so many years with so much Huawei equipment used in the West, when all kinds of security experts and law enforcement officials have 24/7 access to those devices, when state-of-the-art analysis tools and procedures are all available to them, has any actual backdoor intentionally placed by Huawei been busted?

> What about future firmware upgrade or hardware replacement that isn’t vetted today.

Same question for all Cisco/IBM/HP/Apple devices used in countries not that close to the US/UK. Should they use the same cheap excuses to ban all those devices? Or maybe the standard is simply different here?

> What triggered all this was BT found the equipment was too chatty

Please define the term chatty, and what is the acceptable threshold? Or maybe get the best expert to look into it and present the smoking gun evidence to the world to actually prove something with solid evidence?

I've wondered how the security experts privately regard nation state security personnel and teams? For example, no government was competing to employ Barnaby Jack. And of course government is notorious for inefficiency and incompetence when producing goods and services.

Of course nation states also have enormous advantages over any other individual or group.

Not many public sources, but this is a good reference [1]. Vulnerability in a specific piece of network kit is typically easier to find (and therefore cheaper) than a vulnerability in something like nginx, since many vulnerabilities are in the custom configs, wrapper scripts, and lower quality OEM code used for the software on a specific device rather than the software itself.

> Huawei denies having any ties to the Chinese government beyond those of being a law-abiding taxpayer.

I find it interesting that these kinds of verbal games are continually played out in the public eye despite everyone involved knowing exactly what's going on. And that goes for all APT / nation-state actors.

The irony here is that Australia just passed laws requiring local vendors to put in backdoors at the government's request, not just for national security but also in regards to "national economic well-being" aka industrial espionage.

"HCSEC is a facility in Banbury, Oxfordshire, belonging to Huawei Technologies (UK) Co Ltd, whose parent company is a Chinese headquartered company which is now one of the world’s largest telecommunications providers.

HCSEC has been running for seven years. It opened in November 2010 under a set of arrangements between Huawei and HMG to mitigate any perceived risks arising from the involvement of Huawei in parts of the UK’s critical national infrastructure. HCSEC provides security evaluation for a range of products used in the UK telecommunications market. Through HCSEC, the UK Government is provided with insight into Huawei’s UK’s strategies and product ranges. The UK’s National Cyber Security Centre (NCSC, and previously GCHQ), as the national technical authority for information assurance and the lead Government operational agency on cyber security, leads for the Government in dealing with HCSEC and with Huawei more generally on technical security matters."

"Due to areas of concern exposed through the proper functioning of the mitigation strategy and associated oversight mechanisms, the Oversight Board can provide only limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks have been sufficiently mitigated."

The publication triggered headlines in multiple news outlets at the time, e.g.

It doesn't. I doubt it would be legal for them to mention things covered by the Official Secrets Act. Remember that GCHQ was "officially invisible" for years despite being a hugely visible building and major Coventry employer. The Martlesham Heath connection is less conspicuous but something I've had people in the know hint at.

> I doubt it would be legal for them to mention things covered by the Official Secrets Act.

Official Secrets Act only applies to people who signed it.

A journalist would have to be insane to sign the Official Secrets Act as it is hilariously broad.

If you don't sign it then you can print (almost) whatever you want.

Even the much-vaunted "D-Notices" are not mandatory; it's an informal agreement between the press and the government that occasionally the government will ask them not to print something and the press will (mostly) trust them. It seems to work fairly well. One thing I've wondered is that because the D-Notices are voluntary rather than mandatory, the government can't abuse them the way they could if they were mandatory (since if they did the press would stop ignoring them).

They have to either sign it or be notified that they are covered under it generally by employment contract that you sign.

Without either of those you are not bound by it.

> It is not necessary for a person to have signed the Official Secrets Act in order to be bound by it. The 1989 Act states that a person can be "notified" that he or she is bound by it; and Government employees will usually be informed via their contract of employment if they must observe the Act. [1]

It would be commercial suicide for Huawei to have backdoored their export products. For the Chinese domestic market they may have 'Great Firewall' extras to them but for export products it simply makes no business sense.

There is zero evidence in the public domain to support the hysterical allegations of the crazy folks in our domestic military-industrial-espionage complex.

In former times there was this quaint notion of innocent until proven guilty. It is time we grow up a bit and stop slandering our Chinese friends. Xenophobia has never helped.

Edit: Instead of downvoting, please explain the flaws in my comment, whether they be based on unsubstantiated claims, tone of voice or just personal grudge. Thank you.

> The problem is that Huawei kit does not have GCHQ/NSA backdoor capabilities. Hence it has to be banished.

GCHQ/NSA don't need to add their own backdoor capabilities. Huawei gear ships with support for what is referred to as Lawful Interception. [0]

I agree with the rest of your comment and I said something similar myself a few days ago[1]. But the idea of Huawei being barred by a British carrier because of GCHQ not being able to snoop on it is absurd.

I like the Huawei employees I have met in Surrey, it does seem a pity that their world is being ruined by the brainfarts of politicians and those spooks that told so many lies about Iraq and every other war.

Nobody is slandering the Chinese people and this has nothing to do with xenophobia. This is purely about the actions of the Chinese government who have built their military on the back of IP theft. Much of which has been obtained through backdoors etc.

And this isn’t a courtroom so the whole innocent until guilty concept makes no sense.

> There is zero evidence in the public domain to support the hysterical allegations of the crazy folks in our domestic military-industrial-espionage complex.

Key phrase "in the public domain". As someone with access to info that is NOT in the public domain.......every organization basically has one of two choices: either your data ends up on an NSA server, or your data ends up on a server in China. Which you choose largely depends on your government's politics and which superpower they are currying favor with.

Well, they almost certainly _are_ "backdoored" in some sense, because the UK (like almost all countries) mandates that law enforcement be able to wiretap calls. It would never have been deployed in the first place without it.

The ability to wiretap does not depend on every bit of kit on the chain being wire-tap-able. From what I understand Huawei provide the radio access network components that work with existing 'Cisco/Ericsson' core infrastructure, with the core bit being where the wire tap happens and not the radio access bit.

Old paranoia filled post left below for reference. Thanks to saaaaaam for pointing the above link out.

----

There's something going on here, political or technical.

O2/Telefonica subcontracted out a lot of their core to Huawei in 2012 [1]. Literally today, after their CFO was arrested in Canada [2], we've been hit with a massive telecoms outage here in the UK which has taken out data / SMS. O2 have stated that it's due to one of their technology provider's software [3].

Edit: Giffgaff (virtual provider) have also stated that this is a global problem which is even more worrying [4]

I hope this is a coincidence.

We've had data down here in UK from 0500 to 14:00 so far...

China stock is falling, this happened, Huawei already have a somewhat iffy reputation and now BT is throwing out news about jumping ship from them suddenly.

Huawei is rumored to have backdoored the African Union, and Trump has been pushing other countries to get tough on China in general for stealing IP. This is essentially an extension of the trade war and valid fears that the Chinese government may be spying on you if you use Huawei.

> However, critics point out that its founder, Ren Zhengfei, was a former engineer in the country's army and joined the Communist Party in 1978. There are also questions about how independent of state influence any large Chinese company can be.

Is this really the best they can come up with? I've never heard any more specific accusations, in any media. Sounds pretty racist.

(I have seen specific accusations that Huawei is violating sanctions, but that is a separate concern from national security in infrastructure.)

Corporate espionage and military intelligence are not clearly separated in China, and this is due to the culture and values of the Chinese Communist Party. This is seen as the same thing, advancing towards the same goal.

This is arguably less the case in other countries, which is why people in other countries don't understand what is going on right now (i.e. why Huawei is seen as a security threat). The concern is, if you in the future cross the will of the Chinese Communist Party, your national infrastructure may suddenly...behave differently.